WinRAR fixes a 19-year-old security flaw
After 19 years, a flaw in WinRAR has been found and corrected. It allowed outsiders to access the computer's startup programs whenever a file with the ACE extension was extracted.
Who has never used WinRAR to extract and compress files? Probably everyone has ended up using its features for free, whether they use a computer for work or only occasionally.
As early as 2000, WinRAR gave users the option of extracting compressed files, usually .zip files, to store them on their PC. Check Point Research researchers found a bug that had been sitting in the program virtually since its inception. This 19-year-old bug created a huge flaw that endangered the security of the hard disk.
Check Point explained that by renaming an ACE file with a RAR extension, experienced users could manipulate WinRAR into extracting a malicious program into the computer's startup folder. The malicious program was then executed automatically at the next restart, which also put the user's data at risk.
WinRAR has "readily" (it took only 19 years) fixed the bug by releasing an updated software version in which it has dropped support for ACE archives. To decompress files of that type, the company used a third-party tool that had not been updated since 2005.
No attacks using this bug have been reported during the 19 years, but with 500 million potentially exposed users, we could say that this is a big oversight on the part of WinRAR. We advise you to update the application to ensure greater security for your data.
If you want to learn more, check out this post by Check Point Research.